Scattered Spider Now Targeting US Based Retailers

Published by ezedoesit

An overview of Scattered Spider’s shift toward targeting U.S. retail organizations, highlighting the group’s use of social engineering, credential abuse, and trusted access to breach enterprise environments. Originally written in May 2025.


Overview

The cybercriminal group known as Scattered Spider has recently shifted its focus to U.S.-based retail companies. The group, previously linked to high-profile breaches of U.K. retailers like Marks & Spencer, Harrods, and the Co-op, is now believed to be behind a series of attacks on American retailers, including Ahold Delhaize USA, the parent company of Giant and Food Lion. This shift was confirmed by Google’s Mandiant team, which identified overlapping tactics and infrastructure used in both the U.K. and U.S. incidents. The FBI has responded by increasing threat briefings for companies in the retail sector. The group’s methods rely heavily on social engineering, particularly impersonating IT staff to gain access to internal systems.

Scattered Spider is known for its use of real-time social engineering, often contacting help desks by phone or email while posing as employees or contractors. Once they convince staff to reset credentials or grant access, they escalate privileges and move laterally within the network. The group avoids traditional malware, instead relying on legitimate tools and stolen credentials to maintain stealth. Their operations are often carried out by younger individuals recruited through online platforms like Telegram, making attribution and disruption more difficult. Recent activity also shows an expansion into targeting enterprise software platforms, raising concerns about broader supply chain risks.
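The reset-then-escalate sequence described above is one that identity logs can surface. The following is an added detection sketch, not code from the original post or from any vendor; the event format, actor names and action labels are constructed for illustration.

```python
"""Added example (not from the original post): flag help-desk password resets
that are quickly followed by identity changes on the same account, the pattern
described above (reset -> escalate). Field names and events are constructed."""
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, actor, target account, action).
EVENTS = [
    ("2025-05-12T09:02:00", "helpdesk.tier1", "j.doe", "password_reset"),
    ("2025-05-12T09:04:30", "j.doe", "j.doe", "mfa_device_registered"),
    ("2025-05-12T09:06:10", "j.doe", "j.doe", "added_to_group:IT-Admins"),
    ("2025-05-12T11:00:00", "helpdesk.tier1", "a.smith", "password_reset"),
    ("2025-05-13T08:30:00", "a.smith", "a.smith", "mfa_device_registered"),
]

# Follow-on actions that matter after a reset: a new MFA factor (the attacker
# enrolling their own device) or a privileged group change (escalation).
FOLLOW_ON = ("mfa_device_registered", "added_to_group:")


def parse(ts):
    return datetime.fromisoformat(ts)


def suspicious_resets(events, window_minutes=30):
    """Return {target: [follow-on actions]} for every help-desk-initiated
    password reset that is followed, within window_minutes, by an MFA
    enrollment or group change on the same account. A reset with no fast
    follow-on (a.smith, whose MFA change comes the next day) is not flagged;
    widening the window trades noise for coverage."""
    window = timedelta(minutes=window_minutes)
    resets = [(parse(ts), tgt) for ts, actor, tgt, act in events
              if act == "password_reset" and actor.startswith("helpdesk.")]
    flagged = {}
    for reset_at, target in resets:
        hits = [act for ts, actor, tgt, act in events
                if tgt == target and act.startswith(FOLLOW_ON)
                and reset_at < parse(ts) <= reset_at + window]
        if hits:
            flagged[target] = hits
    return flagged


if __name__ == "__main__":
    for account, actions in suspicious_resets(EVENTS).items():
        print(f"REVIEW {account}: reset followed by {', '.join(actions)}")
```

In practice the "helpdesk." actor check would be replaced by whatever distinguishes an agent-initiated reset in your identity provider's audit log, and the hit should be routed to the help desk for a call-back verification rather than auto-remediated.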

Why it matters:

Scattered Spider’s tactics are particularly effective because they exploit human trust rather than technical vulnerabilities, making them harder to detect with conventional security tools. Their past involvement in attacks on major companies like MGM Resorts and Caesars Entertainment demonstrates their capacity for disruption. With the group now actively targeting American firms, organizations are being urged to strengthen identity verification procedures, enforce multi-factor authentication, and train staff to recognize social engineering attempts. The threat appears to be ongoing and evolving.

References